Skip to main content

Documentation Index

Fetch the complete documentation index at: https://mintlify.com/CodexaCP/DG_BACK/llms.txt

Use this file to discover all available pages before exploring further.

Dragon Guard runs as a standard .NET 8 ASP.NET Core Web API. All you need to get up and running locally is the .NET 8 SDK, a reachable SQL Server instance, and a few configuration values. The steps below walk you from a fresh clone to your first authenticated warehouse API call.
1

Configure the API

Open appsettings.json at the project root. At minimum you must supply a valid SQL Server connection string under ConnectionStrings:WmsDb and JWT signing parameters under the Jwt block. The file ships with development defaults — replace them before running in any shared or production environment.
appsettings.json
{
  "Logging": {
    "LogLevel": {
      "Default": "Information",
      "Microsoft.AspNetCore": "Warning"
    }
  },
  "AllowedHosts": "*",
  "ConnectionStrings": {
    "WmsDb": "Server=.\\SQLEXPRESS;Database=Handheld_Core_Dev;Trusted_Connection=True;TrustServerCertificate=True;Encrypt=False;Connect Timeout=10"
  },
  "Jwt": {
    "Key": "YOUR_SECRET_KEY_AT_LEAST_32_CHARACTERS_LONG",
    "Issuer": "wms-api",
    "Audience": "wms-client",
    "ExpiresInMinutes": 60
  },
  "GrupoMasLegacy": {
    "WebConfigPath": "C:\\path\\to\\legacy\\web.config"
  }
}
Jwt:Key is loaded at startup and will throw an InvalidOperationException if absent — the API will refuse to start without it. See the Configuration page for a full reference of every supported key.
2

Run the API

Build and start the API from the project directory:
dotnet run
On first run (and after every migration is added), the API automatically applies any pending EF Core migrations against WmsDb before the HTTP server begins accepting requests:
info: Microsoft.EntityFrameworkCore.Migrations[...]
      Applying migration '...'
info: Microsoft.Hosting.Lifetime[14]
      Now listening on: http://0.0.0.0:5262
The default launch profile binds to http://0.0.0.0:5262, making the API reachable from your browser, any local frontend, and physical handheld devices on the same Wi-Fi network. In the Development environment, Swagger UI is automatically enabled at:
http://localhost:5262/swagger/index.html
3

Log in and obtain a JWT token

All protected endpoints require a Bearer token issued by POST /api/auth/login. Send your credentials as JSON:
curl -s -X POST http://localhost:5262/api/auth/login \
  -H "Content-Type: application/json" \
  -d '{"email": "[email protected]", "password": "123456"}'
A successful response returns HTTP 200 with the following shape:
{
  "token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
  "userId": "3fa85f64-5717-4562-b3fc-2c963f66afa6",
  "email": "[email protected]",
  "fullName": "System Administrator",
  "isSuperAdmin": false,
  "mustChangePassword": false,
  "companies": [
    {
      "companyId": "a1b2c3d4-0000-0000-0000-000000000001",
      "roleCode": "ADMIN"
    }
  ]
}
Copy the token value and the companyId of the company you want to work with — you will need both in the next step.
Handheld devices use a dedicated login endpoint that accepts a device identifier alongside credentials and auto-registers the device on first contact. See Handheld Login for details.
4

Make an authenticated warehouse request

Every tenant-scoped endpoint requires the JWT in the Authorization header and the target tenant’s GUID as the companyId query parameter (or the X-Company-Id request header). The following example lists all items for a given company:
curl -s http://localhost:5262/api/items?companyId=a1b2c3d4-0000-0000-0000-000000000001 \
  -H "Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..."
The middleware resolves companyId from (in order of precedence):
  1. The companyId query-string parameter
  2. The X-Company-Id request header
  3. The companyId claim embedded in the JWT
If the resolved company is inactive or its subscription plan is suspended, the API returns 403 Forbidden or 402 Payment Required respectively — no business logic runs.
5

Explore with Swagger UI

While running in the Development environment, the full interactive API reference is available at:
http://localhost:5262/swagger/index.html
Swagger is pre-configured with two security schemes:
  • Bearer — paste your JWT token to authenticate all subsequent requests in the UI.
  • X-Api-Key — used exclusively for ERP integration endpoints under /api/v1/integration/*.
For handheld device testing on a physical device connected to the same Wi-Fi network, use the handheld launch profile and replace localhost with your PC’s Wi-Fi IPv4 address (the default configuration targets 192.168.100.4:5262).

Build docs developers (and LLMs) love